| ID | C0047 |
| Objective(s) | File System |
| Related ATT&CK Techniques | None |
| Version | 2.0 |
| Created | 4 December 2020 |
| Last Modified | 13 September 2023 |
| Name | Date | Method | Description |
|---|---|---|---|
| Dark Comet | 2008 | -- | Dark Comet deletes files. [1] |
| Gamut | 2014 | -- | Gamut deletes files. [1] |
| GoBotKR | 2019 | -- | GoBotKR deletes files. [1] |
| GravityRAT | 2018 | -- | GravityRAT deletes files. [1] |
| Hupigon | 2013 | -- | Hupigon deletes files. [1] |
| Kovter | 2016 | -- | Kovter deletes files. [1] |
| Mebromi | 2011 | -- | Mebromi deletes files. [1] |
| Redhip | 2011 | -- | Redhip deletes files. [1] |
| Rombertik | 2015 | -- | Rombertik deletes files. [1] |
| SamSam | 2015 | -- | SamSam deletes files. [1] |
| Shamoon | 2012 | -- | Shamoon deletes files. [1] |
| Stuxnet | 2010 | -- | Stuxnet deletes files. [1] |
| UP007 | 2016 | -- | UP007 deletes files. [1] |
| Tool: capa | Mapping | APIs |
|---|---|---|
| delete file | Delete File (C0047) | kernel32.DeleteFile, DeleteFileTransacted, NtDeleteFile, ZwDeleteFile, remove, _wremove, System.IO.File::Delete, System.IO.FileSystemInfo::Delete, kernel32.SHFileOperation, MoveFileEx |
[1] capa v4.0, analyzed at MITRE on 10/12/2022